And I have authentication set up and mostly working - I get AWS credentials back to my JS app. However, the credentials have an expiry set as the same time as when delegation call was made, which renders them unusable. I have tried setting the rule as follows, to try and control the lifetime, but it had no effect:

We use a similar approach for AWS console login, and it works great. We have a list of permitted accounts and roles stored per user, and add those dynamically. In the console SAML approach AWS presents a list of roles when logging in, is it possible to specify which of the permitted roles I want to use via the Auth0 JS API? Like this?